Beyond Zero Trust: Strategies for securing the multi-domain digital battlespace

"AI investments within national defence departments risk coming to nothing if command-and-control systems aren’t backed by agile data flow."

For over a decade, Zero Trust has defined cybersecurity in government and defence. Its core principle – ‘never trust, always verify’ – has shaped how organisations secure users, devices and networks. However, as digital warfare continues to evolve, strategies must adapt accordingly. 

Today, securing data access and transfer across different partner networks and classification boundaries has become increasingly complex. The focus now extends beyond controlling network access to enabling the near real-time movement of data across various domains, partners and classification levels.

In this new landscape, relying solely on isolated Zero Trust models is increasingly counterproductive. Such an approach not only slows down operations but also hampers the integration of Artificial Intelligence (AI) models into battlespace operations.

When security slows strategy

Modern defence operations depend on speed. Intelligence must be able to move rapidly between systems, across different domains, and among coalition partners. Whether supporting joint operations or responding to emerging threats, the ability to share data securely and swiftly is essential for mission success. 

Zero Trust, though, was not designed to address this challenge. While Zero Trust Access systems are effective for ironclad verification, they don’t have mechanisms to facilitate the secure transfer of data.

Without those mechanisms, information gets trapped in siloes, and transferring it typically requires manual intervention or cumbersome workarounds, which can introduce latency into battlefield situations where timing is critical. In a multi-domain battlespace that encompasses cyber, cloud and physical operations, even minor delays can create exploitable vulnerabilities. 

The groundwork for introducing AI to the battlefield

Weak data pipelines affect more than just operational tempo. Increasingly, defence strategies are built around the promise of AI for faster analysis, improved situational awareness, and more informed decision-making. But AI is only as effective as the data it can access, and how quickly it can access it.

When data is siloed or slow to move, AI systems cannot operate as intended. This is why investment in AI (which is being ramped up in national defence departments across the world) risks coming to nothing if applications ranging from autonomous vehicles to next-generation command-and-control systems aren’t backed by agile data flows.

This is where outdated cyber strategies can become a strategic liability. By adhering to a model that restricts data flow, national security organisations may inadvertently hinder their own AI adoption. This results in a widening gap between their technological aspirations and operational reality.

A growing structural weakness

The impact of fragmented data environments is also felt beyond the walls of any one defence department or military organisation. They limit the effectiveness of coalitions. Defence partnerships depend on trust, interoperability, and shared situational awareness. If one participant struggles to share data efficiently and securely, it can negatively impact the entire coalition. 

This challenge is reflected in industry research; a majority of security leaders now regard secure data movement as a primary obstacle to implementing effective Zero Trust strategies. The issue is not with the Zero Trust framework itself, but rather with relying on it alone, which leaves organisations without the agile data capabilities that are crucial for the next generation of warfare and AI.

Moving toward a data-centric model

To overcome these limitations, organisations need to rethink their security architecture. The focus should shift from controlling access to enabling secure data flow. 

This shift can be achieved through an integrated model built on three pillars: Zero Trust Architecture (ZTA) for continuous verification of users, devices and access; Data-Centric Security (DCS) to apply security controls directly to the data itself; and Cross Domain Solutions (CDS) to enable secure, policy-enforced transfer of data between networks of different classification levels.

Together, these components create a more flexible and effective security model. Rather than relying on static controls at the network edge, security becomes dynamic and policy-driven, following the data wherever it goes. This adaptive approach aligns more closely with how modern defence environments actually need to operate – interconnected, multi-domain, and coalition-based. 

From principle to progress

Zero Trust, with its focus on verification and least privilege, remains an essential foundation for cybersecurity. On its own, however, it is no longer sufficient to meet the demands of modern defence. The future lies in integration. By combining Zero Trust with DCS and CDS capabilities, national security organisations can eliminate the friction that limits both operational effectiveness and technological advancement.  

The stakes are high. In a digital battlespace where data is the decisive asset, the ability to securely move, share and act on information defines mission success. Those who fail to evolve risk more than just efficiency; they risk falling behind in the race to operationalise AI for defence. Conversely, those who succeed will not only secure their environments more effectively but also unlock the potential of the technologies shaping the future of defence. 

Audra Simons is Vice President of Software Engineering for Global Products at Everfox
